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AMENDMENTS TO THE CLAIMS 

This listing of claims replaces all prior versions, and listings, of claims in the application: 
Listing of Claims; 

1-3. (Cancelled). 

4. (Currently Amended) A system, comprising: 
system memory; 
one or more processors; and 

one or more physical recordable-type computer-readable media having stored 
th e r e on e thereon computer-executable instructions of a controlling authority for identifying an 
authenticating authority for authenticating a principal for access to network resources, the 
controlling authority comprising: 

a receiving module configured to receive a request for an authenticating authority 
resolution from an authenticating authority that is not authorized to authenticate the 
principal, wherein the request comprises an account ID of a principal to be authenticated, 
the account ID including an individual identifier and a domain identifier; 

an identity catalog , th e id e ntity catalog configured to access an assignment 
mapping that maps each account ID in a plurality of account IDs to a corresponding 
plurality of authenticating authorities that are authorized to authenticate the account ID. 
the account ID including an individual identifier and a domain identifier, the account ID 
being used to identify comprising th e id e ntity of the principal at l e ast on e account ID of 
at l e ast on e principal to an identifier of a corr e sponding auth e nticating authority ; and 

an authority resolution module for accessing the identity catalog to locate within 
the mapping an identity of an assigned authenticating authority fi-om among the one or 
more authenticating authorities that corresponds to the individual identifier and domain 
identifier in the account ID of the principal to be authenticated match th e account ID 
bas e d on th e id e ntity of th e principal with a corr e sponding auth e nticating authority and 
for causing an auth e ntication r e qu e st to b e dir e ct e d to th e corr e sponding auth e nticating 
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5. (Previously Presented) The system according to claim 4, flirther comprising a 
network interface for passing the account ID to the authority resolution module and for receiving 
from the authority resolution module an authentication request directed to the corresponding 
authenticating authority. 

6. (Previously Presented) The system according to claim 4, wherein the identity 
catalog maps a plurality of account IDs to a corresponding plurality of authenticating authorities. 

7. (Previously Presented) The system according to claim 6, wherein each account 
ID comprises a namespace identifier, and wherein the plurality of account IDs comprises at least 
two account IDs having a common namespace identifier, wherein the at least two account IDs 
are mapped to at least two different respective ones of the plurality of authenticating authorities. 

8. (Previously Presented) The system according to claim 6, wherein each account 
ID comprises a namespace identifier, and wherein the plurality of account IDs comprises at least 
two account IDs having different namespace identifiers, wherein the at least two account IDs are 
mapped to the same one of the plurality of authenticating authorities. 

9. (Previously Presented) The system according to claim 6, wherein the content of 
the identity catalog is based at least in part on the organizational affiliation of principals within 
an entity. 

10. (Previously Presented) The system according to claim 6, wherein the content of 
the identity catalog is based at least in part on the geographical location of principals. 
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1 1 . (Currently Amended) At a super authority connected to a network environment, 
an assigned authenticating authority and one or more other authenticating authorities also being 
connected to the network environment, each authenticating authority configured to authenticate 
of subset of principals that access the network environment through different domains, a method 
of controlling authentication of principals for access to network resources in a network 
environment, wherein the principal's account identifier is configured for authentication at an 
authenticating authority from among the assigned authenticating authority and the one or more 
other authenticating authorities, the method comprising: 

receiving at the super authority a request for an authenticating authority resolution 
from on e of a plurality of an authenticating authoriti e s authority that is not authorized to 
authenticate the principal wherein the request comprises an account ID of a principal to 
be authenticated , the account ID including an individual identifier and a domain 
identifier : 

accessing an assignment mapping that maps each account ID in a plurality of 
account IDs to a corresponding plurality of authenticating authorities that are authorized 
can b e us e d to authenticate the account ID, the account ID including an individual 
identifier and a domain identifier, the account ID being used to identify comprising th e 
id e ntity of the principal; 

locating within the mapping an identity of an assigned authenticating authority 
from among the one or more authenticating authorities that corresponds to the individual 
identifier and domain identifier in the account ID of the principal to be authenticated; and 

causing an authentication request to be transmitted to the assigned authenticating 
authority located from among the one or more authenticating authorities, the assigned 
authenticating authority having been located using the principal's individual identifier 
and domain identifiers in the principal's account ID, wherein the request asks the 
assigned authenticating authority to authenticate the principal. 

12. (Original) The method according to claim 11, wherein each account ID 
comprises a namespace identifier, and wherein the plurality of account IDs comprises at least 
two account IDs having a common namespace identifier, wherein the at least two account IDs 
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are mapped to at least two different respective ones of the plurality of authenticating authorities 
via the assignment mapping. 

13. (Original) The method according to claim 11, wherein each account ID 
comprises a namespace identifier, and wherein the plurality of account IDs comprises at least 

two account IDs having different namespace identifiers, wherein the at least two account IDs are 
mapped to the same one of the plurality of authenticating authorities via the assignment 
mapping. 

14. (Original) The method according to claim 11, further comprising altering the 
assignment mapping whereby an account ID previously mapped to a first authenticating 
authority is remapped to a second authenticating authority. 

15. (Original) The method according to claim 1 1, wherein the assignment mapping is 
based at least in part on the organizational affiliation of principals within an entity. 

16. (Original) The method according to claim 1 1, wherein the assignment mapping is 
based at least in part on the geographical location of principals. 
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17. (Currently Amended) At a super authority connected to a network environment, 
an assigned authenticating authority and one or more other authenticating authorities also being 
connected to the network environment, each authenticating authority configured to authenticate 
of subset of principals that access the network environment through different domains, an 
apparatus for controlling authentication of principals for access to network resources in a 
network environment, wherein the principal's account identifier is configured for authentication 
at an authenticating authority from among the assigned authenticating authority and the one or 
more other authenticating authorities, the m e thod apparatus comprising: 

means for receiving at the super authority a request for an authenticating authority 
resolution from on e of a plurality of an authenticating authoriti e s authority that is not 
authorized to authenticate the principal wherein the request comprises an account ID of a 
principal to be authenticated , the account ID including an individual identifier and a 
domain identifier : 

means for accessing an assignment mapping that maps each account ID in a 
plurality of account IDs to a corresponding plurality of authenticating authorities that are 
authorized can b e us e d to authenticate the account ID, the account ID including an 
individual identifier and a domain identifier, the account ID being used to identify 
comprising th e identity of the principal; 

means for locating within the mapping an identity of an assigned authenticating 
authority from among the one or more authenticating authorities that corresponds to the 
individual identifier and domain identifier in the account ID of the principal to be 
authenticated; and 

means for causing an authentication request to be transmitted to the assigned 
authenticating authority located from among the one or more authenticating authorities, 
the assigned authenticating authority having been located using the principal's individual 
identifier and domain identifiers in the principal's account ID, wherein the request asks 
the assigned authenticating authority to authenticate the principal. 

18. (Original) The apparatus according to claim 17, wherein each account ID 
comprises a namespace identifier, and wherein the plurality of account IDs comprises at least 
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two account IDs having a common namespace identifier, wherein the at least two account IDs 
are mapped to at least two different respective ones of the plurality of authenticating authorities 
via the assignment mapping. 

19. (Original) The apparatus according to claim 17, wherein each account ID 
comprises a namespace identifier, and wherein the plurality of account IDs comprises at least 
two account IDs having different namespace identifiers, wherein the at least two account IDs are 
mapped to the same one of the plurality of authenticating authorities via the assignment 
mapping. 

20. (Original) The apparatus according to claim 17, further comprising means for 
altering the assignment mapping whereby an account ID previously mapped to a first 
authenticating authority is remapped to a second authenticating authority. 
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21. (Currently Amended) At a super authority connected to a network environment, 
an assigned authenticating authority and one or more other authenticating authorities also being 
connected to the network environment, each authenticating authority configured to authenticate 
of subset of principals that access the network environment through different domains, a 
physical recordable-type computer-readable medium having thereon computer-executable 
instructions for performing a method of controlling authentication of principals for access to 
network resources in a network environment, wherein the principal's account identifier is 
configured for authentication at an authenticating authority from among the assigned 
authenticating authority and the one or more other authenticating authorities, the method 
comprising the steps of 

receiving at the super authority a request for an authenticating authority resolution 
from on e of a plurality of an_authenticating authoriti e s authority that is not authorized to 
authenticate the principal , wherein the request comprises an account ID of a principal to 
be authenticated , the account ID including an individual identifier and a domain 
identifier : 

accessing an assignment mapping that maps each account ID in a plurality of 
account IDs to a corresponding plurality of authenticating authorities that are authorized 
can b e us e d to authenticate the account ID, the account ID including an individual 
identifier and a domain identifier, the account ID being used to identify comprising th e 
identity of the principal; 

locating within the mapping an identity of an assigned authenticating authority 
from among the one or more authenticating authorities that corresponds to the individual 
identifier and domain identifier in the account ID of the principal to be authenticated; and 

causing an authentication request to be transmitted to the assigned authenticating 
authority located from among the one or more authenticating authorities, the assigned 
authenticating authority having been located using the principal's individual identifier 
and domain identifiers in the principal's account ID, wherein the request asks the 
assigned authenticating authority to authenticate the principal. 
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22. (Currently Amended) The physical recordable-type computer-readable medium 
according to claim 21, wherein each account ID comprises a namespace identifier, and wherein 
the plurality of account IDs comprises at least two account IDs having a common namespace 
identifier, wherein the at least two account IDs are mapped to at least two different respective 
ones of the plurality of authenticating authorities via the assignment mapping. 

23. (Currently Amended) The physical, recordable-type computer-readable medium 
according to claim 21, wherein each account ID comprises a namespace identifier, and wherein 
the plurality of account IDs comprises at least two account IDs having different namespace 
identifiers, wherein the at least two account IDs are mapped to the same one of the plurality of 
authenticating authorities via the assignment mapping. 

24. (Currently Amended) The physical recordable-type computer-readable medium 
according to claim 21, wherein the assignment mapping is based at least in part on the 
organizational affiliation of principals within an entity. 

25. (Currently Amended) The physical recordable-type computer-readable medium 
according to claim 21, wherein the assignment mapping is based at least in part on the 
geographical location of principals. 
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